Dutch Researcher: 23,000 Webshops Infected With Malware

According to internet security expert Willem de Groot, more than 23,000 merchants in the Netherlands are infected with malware that automatically sends payment details to the hackers.

More and more Dutch webshops are infected with malicious software that sends sensitive customer information to foreign cybercriminals. When victims enter their credit card details on malware infected websites, the data is automatically transferred to the hackers.

De Groot is constantly monitoring about 250,000 online shops. According to the researcher, more than 23,000 merchants are infected with malicious software, and 10,000 of the websites send sensitive information to the cybercriminals, without the administrators’ knowledge. The percentage of infected websites increased rapidly from last year. In November 2015, 1.4% of the online stores sent payment information to the hackers, however, this percentage rose to 4.2% in 2016.

Various shops were infected in the past year. For example, an online sex shop was hacked, revealing the sensitive information of thousands of young men and women to the public. The categories the infected webshops sell range from carnival goods, pregnancy products, hockey gear, model trains, but even a site was breached, which was selling Donald Trump merchandise. According to de Groot, the websites he monitors are only a small portion of the malicious sites.

“You can observe many intrusions from the outside, which you cannot see from the inside. My samples show signs of forced entry at a quarter of the webshops,” the researcher said.

De Groot examined that many webshop admins deal with the issues, however, due to the high number of new infections, it is hard for them to cope with cybercriminals. Additionally, not all websites are equally alert of the breaches. The admins took steps only when the researcher published a list of infected sites.

“Suddenly, web shops were closing their gaps. It seems like only consumers have an interest in addressing this issue. Other parties do not care about the theft,” de Groot said.

The researcher added that small webshop owners are struggling to keep up with all the security measures. He advised them to take the necessary steps.

According to the research, cybercriminals take advantage of the weak login credentials website admins use and often breach webshops, which use poorly structured software.

“Once infected, you cannot just be rid of the rogue software. Smart criminals have recently developed self-healing software. If you delete the infected files, the software will repair itself at a later time,” de Groot added.

After hackers breached the websites, they inserted a piece of code, which ensured that all data the customer types into the site would send automatically. When cybercriminals have the sensitive information, they often sell it on the dark web. Credit card details are offered for 25 and 65 dollars each. De Groot estimates $50 million worth of credit card information stolen from the websites he monitors.

The researcher advises customers to use secure payment methods, such as PayPal.

“It is important to remember that your payment details, sooner or later, can leak,” de Groot warned customers.